Thanks for confirming
I am using the following with a custom file in /etc/unbound/local.d/
I realize some of these settings may be redundant and/or not recommended by the IPFire developers but, I found the DNS over TLS very slow with the default settings out of the box in IPFire. In my case, IPFire was only using a single thread and the Unbound statistics showed very low cache hit rate. With these adjustments I’m seeing much higher cache hit rates and web surfing feels a lot faster.
Also one more note, I’m using Quad9 for my DNS over TLS provider. They seem very aggressive at closing the connection once the DNS lookup completes. With a single thread for Unbound, this means I was frequently running into issues with DNS burst lookups, because the connection would be closed before the single thread could open a new connection back to Quad9. Adding 4 threads helps this quite a bit.
Here’s the config I’m using:
server:
    # Do not answer id.server / version.bind (CH TXT) queries
    hide-identity: yes
    hide-version: yes
    # Only trust glue records that are within the delegating server's authority
    harden-glue: yes
    do-ip4: yes
    do-ip6: no
    do-udp: yes
    do-tcp: yes
    # Milliseconds before an old query can be jostled out when the request list is full
    jostle-timeout: 200
    # How long (seconds) to keep RTT/lameness data about upstream servers
    infra-host-ttl: 900
    infra-cache-numhosts: 10000
    # TCP buffers per thread for outgoing (e.g. DoT to Quad9) and incoming connections
    outgoing-num-tcp: 20
    incoming-num-tcp: 20
    # EDNS UDP payload size advertised to upstreams
    edns-buffer-size: 1432
    # Clamp cached TTLs to between 15 minutes and 1 day
    cache-max-ttl: 86400
    cache-min-ttl: 900
    # Do not require DNSSEC records to be present for trust-anchored zones (Unbound default is yes)
    harden-dnssec-stripped: no
    msg-cache-size: 250m
    rrset-cache-size: 500m
    # Send minimal QNAMEs to upstreams (RFC 7816); strict mode never falls back to full names
    qname-minimisation: yes
    qname-minimisation-strict: yes
    # Worker threads; slab counts should be a power of 2 close to num-threads
    num-threads: 4
    msg-cache-slabs: 4
    rrset-cache-slabs: 4
    infra-cache-slabs: 4
    key-cache-slabs: 4
    # Refresh popular records (and DNSKEYs) before they expire
    prefetch: yes
    prefetch-key: yes
    # Disable 0x20 query-name case randomisation
    use-caps-for-id: no
    # Answer from stale cache entries while a fresh lookup is in progress
    serve-expired: yes
    # Let the kernel spread incoming queries across the worker threads
    so-reuseport: yes
    # Allow forwarding to resolvers listening on localhost
    do-not-query-localhost: no
    # Log statistics every 6 hours, without resetting counters
    statistics-interval: 21600
    statistics-cumulative: yes
    # DNS rebinding prevention: strip these addresses from upstream answers
    private-address: 127.0.0.0/8
    private-address: 10.0.0.0/8
    private-address: 172.16.0.0/12
    private-address: 169.254.0.0/16
    private-address: 192.168.0.0/16
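A quick way to check whether a change like the one above actually raised the cache hit rate and whether all four threads are getting work is to parse the output of `unbound-control stats_noreset`. The script below is an added example, not part of the post or of IPFire; the `SAMPLE_STATS` block is constructed stand-in output so it runs offline, and on a live box you would replace it with `$(unbound-control stats_noreset)`.

```shell
#!/bin/sh
# Constructed sample of `unbound-control stats_noreset` output (subset of lines).
# On a real IPFire box: STATS=$(unbound-control stats_noreset)
SAMPLE_STATS='thread0.num.queries=1200
thread0.num.cachehits=800
thread1.num.queries=1000
thread1.num.cachehits=700
thread2.num.queries=1100
thread2.num.cachehits=900
thread3.num.queries=1100
thread3.num.cachehits=900
total.num.queries=4400
total.num.cachehits=3300
total.num.prefetch=120
total.num.expired=15
total.recursion.time.avg=0.085'

# cache_hit_rate STATS
# Prints "<hits> <queries> <hit-rate-percent>" computed from the total.* counters.
cache_hit_rate() {
    printf '%s\n' "$1" | awk -F= '
        $1 == "total.num.queries"   { q = $2 }
        $1 == "total.num.cachehits" { h = $2 }
        END {
            if (q > 0) printf "%d %d %.1f\n", h, q, 100 * h / q
            else       print "0 0 0.0"
        }'
}

# active_threads STATS
# Prints the number of worker threads that handled at least one query.
# If this is 1 while num-threads is 4, so-reuseport/threading is not in effect.
active_threads() {
    printf '%s\n' "$1" | awk -F= '
        $1 ~ /^thread[0-9]+\.num\.queries$/ && $2 > 0 { n++ }
        END { print n + 0 }'
}

# serve_expired_ratio STATS
# Prints the percentage of answers served from expired (stale) cache entries,
# which is what serve-expired: yes allows; a high value means upstream is slow.
serve_expired_ratio() {
    printf '%s\n' "$1" | awk -F= '
        $1 == "total.num.queries" { q = $2 }
        $1 == "total.num.expired" { e = $2 }
        END { if (q > 0) printf "%.2f\n", 100 * e / q; else print "0.00" }'
}

if [ "${1:-}" = "--demo" ]; then
    set -- $(cache_hit_rate "$SAMPLE_STATS")
    echo "cache hits: $1 / $2 queries ($3%)"
    echo "active threads: $(active_threads "$SAMPLE_STATS")"
    echo "stale answers: $(serve_expired_ratio "$SAMPLE_STATS")%"
fi
```

Run it with `--demo` to see the sample numbers; with `statistics-cumulative: yes` the counters keep growing, so compare the hit-rate percentage rather than the raw counts between runs.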